dabz / kafka-security-playbook
Example of different security configurations for Apache Kafka and the Confluent Platform
Home Page: https://docs.confluent.io/current/security/index.html
ZK log
zookeeper | [2021-02-05 02:26:36,440] INFO Started ServerConnector@636be97c{HTTP/1.1,[http/1.1]}{0.0.0.0:8080} (org.eclipse.jetty.server.AbstractConnector)
zookeeper | [2021-02-05 02:26:36,440] INFO Started @768ms (org.eclipse.jetty.server.Server)
zookeeper | [2021-02-05 02:26:36,441] INFO Started AdminServer on address 0.0.0.0, port 8080 and command URL /commands (org.apache.zookeeper.server.admin.JettyAdminServer)
zookeeper | [2021-02-05 02:26:36,445] INFO Using org.apache.zookeeper.server.NIOServerCnxnFactory as server connection factory (org.apache.zookeeper.server.ServerCnxnFactory)
zookeeper | [2021-02-05 02:26:36,452] INFO Setting -D jdk.tls.rejectClientInitiatedRenegotiation=true to disable client-initiated TLS renegotiation (org.apache.zookeeper.common.X509Util)
zookeeper | [2021-02-05 02:26:36,470] WARN No password found for user: null (org.apache.zookeeper.server.auth.SaslServerCallbackHandler)
zookeeper | [2021-02-05 02:26:36,472] ERROR Unexpected exception, exiting abnormally (org.apache.zookeeper.server.ZooKeeperServerMain)
zookeeper | java.io.IOException: Could not configure server because SASL configuration did not allow the ZooKeeper server to authenticate itself properly: javax.security.auth.login.LoginException: No password provided
zookeeper | at org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:243)
zookeeper | at org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:646)
zookeeper | at org.apache.zookeeper.server.ZooKeeperServerMain.runFromConfig(ZooKeeperServerMain.java:143)
zookeeper | at org.apache.zookeeper.server.ZooKeeperServerMain.initializeAndRun(ZooKeeperServerMain.java:106)
zookeeper | at org.apache.zookeeper.server.ZooKeeperServerMain.main(ZooKeeperServerMain.java:64)
zookeeper | at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:128)
zookeeper | at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82)
First of all, thank you for this repo, it's awesome, I love it!
This repo has a running example for kerberized Kafka using SASL_PLAINTEXT, it would be great to have an example with SASL_SSL as well.
Does that make sense? If so, I can also contribute it.
Env:
windows 10 running minikube 1.7.2 with virtualbox driver, using Gitbash
Problem:
cd /kerberos and run ./up, getting the errors below (unique to Windows, it appears, as it works on my Mac using the latest repo)
Successfully built 2e29b2238f98
Successfully tagged kerberos_client:latest
Recreating 3376ac7adf80_kdc ... error
ERROR: for 3376ac7adf80_kdc Cannot create container for service kdc: invalid volume specification: 'C:\dev\code\GitHub\old.kafka-security-playbook\kerberos\kdc\krb5.conf:/etc/kdc/krb5.conf:rw'
ERROR: for kdc Cannot create container for service kdc: invalid volume specification: 'C:\dev\code\GitHub\old.kafka-security-playbook\kerberos\kdc\krb5.conf:/etc/kdc/krb5.conf:rw'
I am having this problem when using LDAP. I use the server.properties in this repository.
[2020-05-22 04:39:49,183] ERROR Fatal error during SupportedServerStartable startup. Prepare to shutdown (io.confluent.support.metrics.SupportedKafka)
java.lang.ClassNotFoundException: io.confluent.kafka.security.ldap.authorizer.LdapAuthorizer
at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at org.apache.kafka.common.utils.Utils.loadClass(Utils.java:335)
at org.apache.kafka.common.utils.Utils.newInstance(Utils.java:324)
at kafka.security.authorizer.AuthorizerUtils$.createAuthorizer(AuthorizerUtils.scala:35)
at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1382)
at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1238)
at kafka.server.KafkaConfig$.fromProps(KafkaConfig.scala:1218)
at kafka.server.KafkaConfig$.fromProps(KafkaConfig.scala:1215)
at kafka.server.KafkaConfig.fromProps(KafkaConfig.scala)
at io.confluent.support.metrics.SupportedServerStartable.<init>(SupportedServerStartable.java:52)
at io.confluent.support.metrics.SupportedKafka.main(SupportedKafka.java:45)
Using the TLS demo works as expected.
I can bring up the cluster and use the produce and consume example as recommended at the end in the script named up.
[OK] -> docker-compose exec kafka kafka-console-producer --broker-list kafka.confluent.local:9093 --topic test --producer.config /etc/kafka/consumer.properties
[OK] -> docker-compose exec kafka kafka-console-consumer --bootstrap-server kafka.confluent.local:9093 --topic test --consumer.config /etc/kafka/consumer.properties --from-beginning
[FAILED] -> docker-compose exec kafka kafkacat -L -b kafka.confluent.local:9093 -F /etc/kafka/kafkacat.conf -C -t test
This is the error message:
kafkacat: error while loading shared libraries: libssl.so.10: cannot open shared object file: No such file or directory
Some examples are using CP4.1 docker containers. It would be great to update them to 5.4.
The Readme file in the root directory has become quite large. We may want to split it up, and put the content in the respective subdirectories.
Kubernetes is quickly becoming a standard for deployment of containerized apps, and is used extensively in production. Therefore we may want to give examples for setting the different security configurations up in Kubernetes, as well. Here is an example: https://github.com/1123/kafka-security-playbook/tree/master/kubernetes/plain